Bureau Veritas has released a technical standard and certification to support companies in their digital transformation and promote confidence in big data.

The new certification from Bureau Veritas Certification is based on the world's first technical standard focused on the management of personal data protection by companies. This standard was prepared by Bureau Veritas Certification, in collaboration with Lexing®, an international network of lawyers specialized in personal data protection.

The purpose is to offer companies an established, independent and credible certification pertaining to the management of the personal data they collect. Certified companies will be able to demonstrate that they manage the personal data they collect in accordance with regulatory requirements and the expectations of their stakeholders.

The new certification anticipates the General Data Protection Regulation (GDPR), which is due to come into force in May 2018 across all 28 European Union member states. The Regulation applies to companies based anywhere in the world that process or hold the personal data of EU citizens.

Furthermore, 80-90% of citizens have expressed concern regarding the protection of their personal data. Data breaches, global cyberattacks and leaks of classified information have now become regular occurrences. This climate of distrust has tended to intensify with big data, even as the General Data Protection Regulation will require organizations that process data to comply with much higher standards.

"Digital responsibility has emerged as one of the major challenges facing companies in coming years. Our framework integrates standards for managing the protection of personal data, such as obtaining consent, proportionality and retention periods, without fundamentally changing a company’s processes or structure", said Sébastien Fox, Vice President Certification Service Line, Bureau Veritas Group.

Companies need to take the lead and anticipate digital transformation by going beyond mere compliance with regulations. Responsible data management will give certified companies an additional way to protect and differentiate their brands, while restoring the trust of consumers, customers, patients and other stakeholders.

"All these steps will only be reassuring if they are clear, and if the assurances given about the protection of individuals’ fundamental rights and freedoms are credible. On this point, only an independent third party can legitimately affirm that ethical rules have been respected. As a global leader in certification, Bureau Veritas Certification is now working with companies in all sectors who want to engage in a rigorous and transparent manner," said Philippe Jeanmart, Senior Vice President Technical, Quality & Risk, Bureau Veritas.

The European Union's General Data Protection Regulations - EU GDPR increases controls on companies dealing with EU citizens personal data . wherever are located and supervisory Authorities of EU member states can impose fines of upto 4 % of global revenues or EUR 20 m whichever is greater for serious non compliance.

Certification Approach

Defination of Certiifcation scope

Certification Audit performed. This will evaluate the implementation of the technical standard , including the effectiveness of the organisation's procedure

A certificate valid for 3 years is issued upon satisfactory results

Surveillance Audits to verify the procedures continue to fulfill the requirements of the standard and monitor the continual improvement

Re - certification after 3 years to confirm the continued conformance and effectiveness of the procedure as a whole